Oracle has patched nearly 100 security flaws in Java, Fusion Middleware, Database, MySQL and other products.
For Java SE, the update fixes 14 CVE-listed bugs. All of the flaws are remotely exploitable without authentication to compromise a victim's computer, and three were given risk assessment scores of 10 out of 10. (Psst ... Google just disabled Java plugins by default in Chrome.)
The Oracle Database patch, meanwhile, fixes four CVE-listed security holes, including vulnerabilities in Java VM and XML Database. None of the four flaws is believed to be remotely exploitable.
The Fusion Middleware update will fix 17 CVE flaws, 12 of which can be remotely exploited without authentication.
MySQL, meanwhile, gets an update to address 26 security flaws, including four that could be remotely targeted by an attacker without authorization.
Other Oracle products needing patches include Enterprise Manager, Hyperion, JD Edwards/PeopleSoft, Retail Industry Suite, and Health Sciences Applications Suite. Oracle has posted a full list of the updated products to its support site.
The Oracle security updates, usually arriving four times a year, come on the heels of this month's Patch Tuesday releases from Microsoft and Adobe. For companies and users running software from all three vendors, it will be a busy week or month spent testing and patching systems. ®